1 /*
2 * Copyright (c) 2024-2026, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <limits.h>
9
10 #include <arch_helpers.h>
11 #include <common/debug.h>
12 #include <drivers/st/bsec.h>
13 #include <drivers/st/bsec3_reg.h>
14 #include <drivers/st/stm32mp_reset.h>
15 #include <lib/mmio.h>
16 #include <lib/spinlock.h>
17 #include <libfdt.h>
18
19 #include <platform_def.h>
20
21 #define BSEC_IP_VERSION_1_0 U(0x10)
22 #define BSEC_IP_VERSION_1_2 U(0x12)
23 #define BSEC_IP_ID_3 U(0x100033)
24
25 #define MAX_NB_TRIES U(3)
26
27 /*
28 * IP configuration
29 */
30 #define BSEC_OTP_MASK GENMASK_32(4, 0)
31 #define BSEC_OTP_BANK_SHIFT U(5)
32 #define BSEC_TIMEOUT_VALUE U(0x800000) /* ~7sec @1.2GHz */
33
otp_bank(uint32_t otp)34 static uint32_t otp_bank(uint32_t otp)
35 {
36 if (otp > STM32MP2_OTP_MAX_ID) {
37 panic();
38 }
39
40 return (otp & ~BSEC_OTP_MASK) >> BSEC_OTP_BANK_SHIFT;
41 }
42
otp_bit_mask(uint32_t otp)43 static uint32_t otp_bit_mask(uint32_t otp)
44 {
45 return BIT(otp & BSEC_OTP_MASK);
46 }
47
48 /*
49 * bsec_get_status: return status register value.
50 */
bsec_get_status(void)51 static uint32_t bsec_get_status(void)
52 {
53 return mmio_read_32(BSEC_BASE + BSEC_OTPSR);
54 }
55
56 /*
57 * bsec_get_version: return BSEC version.
58 */
bsec_get_version(void)59 static uint32_t bsec_get_version(void)
60 {
61 return mmio_read_32(BSEC_BASE + BSEC_VERR) & BSEC_VERR_MASK;
62 }
63
64 /*
65 * bsec_get_id: return BSEC ID.
66 */
bsec_get_id(void)67 static uint32_t bsec_get_id(void)
68 {
69 return mmio_read_32(BSEC_BASE + BSEC_IPIDR);
70 }
71
is_fuse_shadowed(uint32_t otp)72 static bool is_fuse_shadowed(uint32_t otp)
73 {
74 uint32_t bank = otp_bank(otp);
75 uint32_t otp_mask = otp_bit_mask(otp);
76 uint32_t bank_value;
77
78 bank_value = mmio_read_32(BSEC_BASE + BSEC_SFSR(bank));
79
80 if ((bank_value & otp_mask) != 0U) {
81 return true;
82 }
83
84 return false;
85 }
86
poll_otp_status_busy(void)87 static void poll_otp_status_busy(void)
88 {
89 uint32_t timeout = BSEC_TIMEOUT_VALUE;
90
91 while (((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) && (timeout != 0U)) {
92 timeout--;
93 }
94
95 if ((bsec_get_status() & BSEC_OTPSR_BUSY) != 0U) {
96 ERROR("BSEC timeout\n");
97 panic();
98 }
99 }
100
check_read_error(uint32_t otp)101 static uint32_t check_read_error(uint32_t otp)
102 {
103 uint32_t status = bsec_get_status();
104
105 if ((status & BSEC_OTPSR_SECF) != 0U) {
106 VERBOSE("BSEC read %u single error correction detected\n", otp);
107 }
108
109 if ((status & BSEC_OTPSR_PPLF) != 0U) {
110 VERBOSE("BSEC read %u permanent programming lock detected.\n", otp);
111 }
112
113 if ((status & BSEC_OTPSR_PPLMF) != 0U) {
114 ERROR("BSEC read %u error 0x%x\n", otp, status);
115 return BSEC_ERROR;
116 }
117
118 if ((status & (BSEC_OTPSR_DISTURBF | BSEC_OTPSR_DEDF | BSEC_OTPSR_AMEF)) != 0U) {
119 ERROR("BSEC read %u error 0x%x with invalid FVR\n", otp, status);
120 return BSEC_RETRY;
121 }
122
123 return BSEC_OK;
124 }
125
check_program_error(uint32_t otp)126 static uint32_t check_program_error(uint32_t otp)
127 {
128 uint32_t status = bsec_get_status();
129
130 if ((status & BSEC_OTPSR_PROGFAIL) != 0U) {
131 ERROR("BSEC program %u error 0x%x\n", otp, status);
132 return BSEC_RETRY;
133 }
134
135 return BSEC_OK;
136 }
137
check_reset_error(void)138 static void check_reset_error(void)
139 {
140 uint32_t status = bsec_get_status();
141
142 /* check initial status reporting */
143 if ((status & BSEC_OTPSR_BUSY) != 0U) {
144 VERBOSE("BSEC reset and busy when OTPSR read\n");
145 }
146 if ((status & BSEC_OTPSR_HIDEUP) != 0U) {
147 VERBOSE("BSEC upper fuse are not accessible (HIDEUP)\n");
148 }
149 if ((status & BSEC_OTPSR_OTPSEC) != 0U) {
150 VERBOSE("BSEC reset single error correction detected\n");
151 }
152 if ((status & BSEC_OTPSR_OTPNVIR) == 0U) {
153 VERBOSE("BSEC reset first fuse word 0 is detected zero\n");
154 }
155 if ((status & BSEC_OTPSR_OTPERR) != 0U) {
156 ERROR("BSEC reset critical error 0x%x\n", status);
157 panic();
158 }
159 if ((status & BSEC_OTPSR_INIT_DONE) != BSEC_OTPSR_INIT_DONE) {
160 ERROR("BSEC reset critical error 0x%x\n", status);
161 panic();
162 }
163 }
164
is_bsec_write_locked(void)165 static bool is_bsec_write_locked(void)
166 {
167 return (mmio_read_32(BSEC_BASE + BSEC_LOCKR) & BSEC_LOCKR_GWLOCK_MASK) != 0U;
168 }
169
170 /*
171 * bsec_probe: initialize BSEC driver.
172 * return value: BSEC_OK if no error.
173 */
bsec_probe(void)174 uint32_t bsec_probe(void)
175 {
176 uint32_t version = bsec_get_version();
177 uint32_t id = bsec_get_id();
178
179 #if STM32MP21
180 if ((version != BSEC_IP_VERSION_1_2) || (id != BSEC_IP_ID_3)) {
181 #else /* STM32MP21 */
182 if ((version != BSEC_IP_VERSION_1_0) || (id != BSEC_IP_ID_3)) {
183 #endif /* STM32MP21 */
184 EARLY_ERROR("%s: version = 0x%x, id = 0x%x\n", __func__, version, id);
185 panic();
186 }
187
188 check_reset_error();
189
190 return BSEC_OK;
191 }
192
193 /*
194 * bsec_shadow_register: copy SAFMEM OTP to BSEC data.
195 * otp: OTP number.
196 * return value: BSEC_OK if no error.
197 */
198 static uint32_t bsec_shadow_register(uint32_t otp)
199 {
200 uint32_t result;
201 uint32_t i;
202 bool value;
203
204 result = bsec_read_sr_lock(otp, &value);
205 if (result != BSEC_OK) {
206 WARN("BSEC: %u Sticky-read bit read Error %u\n", otp, result);
207 } else if (value) {
208 VERBOSE("BSEC: OTP %u is locked and will not be refreshed\n", otp);
209 }
210
211 for (i = 0U; i < MAX_NB_TRIES; i++) {
212 mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp);
213
214 poll_otp_status_busy();
215
216 result = check_read_error(otp);
217 if (result != BSEC_RETRY) {
218 break;
219 }
220 }
221
222 return result;
223 }
224
225 /*
226 * bsec_write_otp: write a value in shadow OTP.
227 * val: value to program.
228 * otp: OTP number.
229 * return value: BSEC_OK if no error.
230 */
231 uint32_t bsec_write_otp(uint32_t val, uint32_t otp)
232 {
233 bool state;
234 uint32_t result;
235
236 if (otp > STM32MP2_OTP_MAX_ID) {
237 panic();
238 }
239
240 if (!is_fuse_shadowed(otp)) {
241 return BSEC_ERROR;
242 }
243
244 if (is_bsec_write_locked()) {
245 return BSEC_WRITE_LOCKED;
246 }
247
248 result = bsec_read_sw_lock(otp, &state);
249 if (result != BSEC_OK) {
250 WARN("Shadow register is SW locked\n");
251 return result;
252 }
253
254 mmio_write_32(BSEC_BASE + BSEC_FVR(otp), val);
255
256 return BSEC_OK;
257 }
258
259 /*
260 * bsec_program_otp: program a bit in SAFMEM after the prog.
261 * The OTP data is not refreshed.
262 * val: value to program.
263 * otp: OTP number.
264 * return value: BSEC_OK if no error.
265 */
266 uint32_t bsec_program_otp(uint32_t val, uint32_t otp)
267 {
268 uint32_t result;
269 uint32_t i;
270 bool value;
271
272 if (otp > STM32MP2_OTP_MAX_ID) {
273 panic();
274 }
275
276 if (is_bsec_write_locked() == true) {
277 return BSEC_WRITE_LOCKED;
278 }
279
280 result = bsec_read_sp_lock(otp, &value);
281 if (result != BSEC_OK) {
282 WARN("BSEC: %u Sticky-prog bit read Error %u\n", otp, result);
283 } else if (value) {
284 WARN("BSEC: OTP locked, prog will be ignored\n");
285 return BSEC_WRITE_LOCKED;
286 }
287
288 mmio_write_32(BSEC_BASE + BSEC_WDR, val);
289
290 for (i = 0U; i < MAX_NB_TRIES; i++) {
291 mmio_write_32(BSEC_BASE + BSEC_OTPCR, otp | BSEC_OTPCR_PROG);
292
293 poll_otp_status_busy();
294
295 result = check_program_error(otp);
296 if (result != BSEC_RETRY) {
297 break;
298 }
299 }
300
301 return result;
302 }
303
304 /*
305 * bsec_read_debug_conf: read debug configuration.
306 */
307 uint32_t bsec_read_debug_conf(void)
308 {
309 return mmio_read_32(BSEC_BASE + BSEC_DENR);
310 }
311
312 static uint32_t bsec_lock_register_set(uint32_t offset, uint32_t mask)
313 {
314 uint32_t value = mmio_read_32(BSEC_BASE + offset);
315
316 /* The lock is already set */
317 if ((value & mask) != 0U) {
318 return BSEC_OK;
319 }
320
321 if (is_bsec_write_locked()) {
322 return BSEC_WRITE_LOCKED;
323 }
324
325 value |= mask;
326
327 mmio_write_32(BSEC_BASE + offset, value);
328
329 return BSEC_OK;
330 }
331
332 static bool bsec_lock_register_get(uint32_t offset, uint32_t mask)
333 {
334 uint32_t value = mmio_read_32(BSEC_BASE + offset);
335
336 return (value & mask) != 0U;
337 }
338
339 /*
340 * bsec_set_sr_lock: set shadow-read lock.
341 * otp: OTP number.
342 * return value: BSEC_OK if no error.
343 */
344 uint32_t bsec_set_sr_lock(uint32_t otp)
345 {
346 uint32_t bank = otp_bank(otp);
347 uint32_t otp_mask = otp_bit_mask(otp);
348
349 if (otp > STM32MP2_OTP_MAX_ID) {
350 panic();
351 }
352
353 return bsec_lock_register_set(BSEC_SRLOCK(bank), otp_mask);
354 }
355
356 /*
357 * bsec_read_sr_lock: read shadow-read lock.
358 * otp: OTP number.
359 * value: read value (true or false).
360 * return value: BSEC_OK if no error.
361 */
362 uint32_t bsec_read_sr_lock(uint32_t otp, bool *value)
363 {
364 uint32_t bank = otp_bank(otp);
365 uint32_t otp_mask = otp_bit_mask(otp);
366
367 assert(value != NULL);
368 if (otp > STM32MP2_OTP_MAX_ID) {
369 panic();
370 }
371
372 *value = bsec_lock_register_get(BSEC_SRLOCK(bank), otp_mask);
373
374 return BSEC_OK;
375 }
376
377 /*
378 * bsec_set_sw_lock: set shadow-write lock.
379 * otp: OTP number.
380 * return value: BSEC_OK if no error.
381 */
382 uint32_t bsec_set_sw_lock(uint32_t otp)
383 {
384 uint32_t bank = otp_bank(otp);
385 uint32_t otp_mask = otp_bit_mask(otp);
386
387 if (otp > STM32MP2_OTP_MAX_ID) {
388 panic();
389 }
390
391 return bsec_lock_register_set(BSEC_SWLOCK(bank), otp_mask);
392 }
393
394 /*
395 * bsec_read_sw_lock: read shadow-write lock.
396 * otp: OTP number.
397 * value: read value (true or false).
398 * return value: BSEC_OK if no error.
399 */
400 uint32_t bsec_read_sw_lock(uint32_t otp, bool *value)
401 {
402 uint32_t bank = otp_bank(otp);
403 uint32_t otp_mask = otp_bit_mask(otp);
404
405 assert(value != NULL);
406 if (otp > STM32MP2_OTP_MAX_ID) {
407 panic();
408 }
409
410 *value = bsec_lock_register_get(BSEC_SWLOCK(bank), otp_mask);
411
412 return BSEC_OK;
413 }
414
415 /*
416 * bsec_set_sp_lock: set shadow-program lock.
417 * otp: OTP number.
418 * return value: BSEC_OK if no error.
419 */
420 uint32_t bsec_set_sp_lock(uint32_t otp)
421 {
422 uint32_t bank = otp_bank(otp);
423 uint32_t otp_mask = otp_bit_mask(otp);
424
425 if (otp > STM32MP2_OTP_MAX_ID) {
426 panic();
427 }
428
429 return bsec_lock_register_set(BSEC_SPLOCK(bank), otp_mask);
430 }
431
432 /*
433 * bsec_read_sp_lock: read shadow-program lock.
434 * otp: OTP number.
435 * value: read value (true or false).
436 * return value: BSEC_OK if no error.
437 */
438 uint32_t bsec_read_sp_lock(uint32_t otp, bool *value)
439 {
440 uint32_t bank = otp_bank(otp);
441 uint32_t otp_mask = otp_bit_mask(otp);
442
443 assert(value != NULL);
444 if (otp > STM32MP2_OTP_MAX_ID) {
445 panic();
446 }
447
448 *value = bsec_lock_register_get(BSEC_SPLOCK(bank), otp_mask);
449
450 return BSEC_OK;
451 }
452
453 /*
454 * bsec_get_secure_state: read state in BSEC status register.
455 * return: secure state
456 */
457 uint32_t bsec_get_secure_state(void)
458 {
459 uint32_t state = BSEC_STATE_INVALID;
460 uint32_t status = bsec_get_status();
461 uint32_t bsec_sr = mmio_read_32(BSEC_BASE + BSEC_SR);
462
463 if ((status & BSEC_OTPSR_INIT_DONE) == BSEC_OTPSR_INIT_DONE) {
464 /* NVSTATE is only valid if INIT_DONE */
465 uint32_t nvstates = (bsec_sr & BSEC_SR_NVSTATE_MASK) >> BSEC_SR_NVSTATE_SHIFT;
466
467 if (nvstates == BSEC_SR_NVSTATE_OPEN) {
468 state = BSEC_STATE_SEC_OPEN;
469 } else if (nvstates == BSEC_SR_NVSTATE_CLOSED) {
470 state = BSEC_STATE_SEC_CLOSED;
471 } else {
472 VERBOSE("%s nvstates = %u\n", __func__, nvstates);
473 }
474 }
475
476 return state;
477 }
478
479 /*
480 * bsec_shadow_read_otp: Load OTP from SAFMEM and provide its value
481 * val: read value.
482 * otp: OTP number.
483 * return value: BSEC_OK if no error.
484 */
485 uint32_t bsec_shadow_read_otp(uint32_t *val, uint32_t otp)
486 {
487 assert(val != NULL);
488 if (otp > STM32MP2_OTP_MAX_ID) {
489 panic();
490 }
491
492 *val = 0U;
493
494 if (is_bsec_write_locked()) {
495 return BSEC_WRITE_LOCKED;
496 }
497
498 if (!is_fuse_shadowed(otp)) {
499 uint32_t result = bsec_shadow_register(otp);
500
501 if (result != BSEC_OK) {
502 ERROR("BSEC: %u Shadowing Error %u\n", otp, result);
503 return result;
504 }
505 }
506
507 *val = mmio_read_32(BSEC_BASE + BSEC_FVR(otp));
508
509 return BSEC_OK;
510 }
511
512 /*
513 * bsec_read_otp: read an OTP data value.
514 * val: read value.
515 * otp: OTP number.
516 * return value: BSEC_OK if no error.
517 */
518 uint32_t bsec_read_otp(uint32_t *val, uint32_t otp)
519 {
520 assert(val != NULL);
521 if (otp > STM32MP2_OTP_MAX_ID) {
522 panic();
523 }
524
525 return bsec_shadow_read_otp(val, otp);
526 }
527